apparmor: pull in variables from tunables/global

The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
Michael Brown 2014-04-07 03:04:27 -04:00
parent 0bcebe0347
commit 7c63627a7f


@ -11,13 +11,8 @@ import (
const DefaultProfilePath = "/etc/apparmor.d/docker" const DefaultProfilePath = "/etc/apparmor.d/docker"
const DefaultProfile = ` const DefaultProfile = `
# AppArmor profile from lxc for containers. # AppArmor profile from lxc for containers.
@{HOME}=@{HOMEDIRS}/*/ /root/
@{HOMEDIRS}=/home/
#@{HOMEDIRS}+=
@{multiarch}=*-linux-gnu*
@{PROC}=/proc/
@{pid}=self
#include <tunables/global>
profile docker-default flags=(attach_disconnected,mediate_deleted) { profile docker-default flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base> #include <abstractions/base>
network, network,